make dropping of pakets marked as invalid optional

author: Tim Meusel <tim@bastelfreak.de> 2020-04-15 09:57:09 +0200
committer: Tim Meusel <tim@bastelfreak.de> 2020-04-21 13:57:49 +0200
commit: cd38691675da20ff4f38f18b2505955694ea56e4 (patch)
tree: 9214c865a224b44d9a21a78ebee86954c7e6fe8d /templates
parent: c34c528537cd9baa7057588d628a36843d63b015 (diff)
download: puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.gz
puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/templates/ferm_chain_header.conf.epp b/templates/ferm_chain_header.conf.epp
index 938958b..3c92e7a 100644
--- a/templates/ferm_chain_header.conf.epp
+++ b/templates/ferm_chain_header.conf.epp
@@ -1,5 +1,6 @@
 <%- | Optional[Ferm::Policies] $policy,
       Boolean $disable_conntrack,
+      Boolean $drop_invalid_packets_with_conntrack,
 | -%>
 # THIS FILE IS MANAGED BY PUPPET
 <%- if $policy { -%>
@@ -10,5 +11,7 @@ policy <%= $policy %>;
 <% unless $disable_conntrack { -%>
 # connection tracking
 mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
+<% if $drop_invalid_packets_with_conntrack { -%>
 mod conntrack ctstate INVALID DROP;
 <% } -%>
+<% } -%>
author	Tim Meusel <tim@bastelfreak.de>	2020-04-15 09:57:09 +0200
committer	Tim Meusel <tim@bastelfreak.de>	2020-04-21 13:57:49 +0200
commit	cd38691675da20ff4f38f18b2505955694ea56e4 (patch)
tree	9214c865a224b44d9a21a78ebee86954c7e6fe8d /templates
parent	c34c528537cd9baa7057588d628a36843d63b015 (diff)
download	puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.gz puppet-ferm-cd38691675da20ff4f38f18b2505955694ea56e4.tar.bz2